diff options
author | Max Krummenacher <max.krummenacher@toradex.com> | 2018-03-12 16:59:40 +0100 |
---|---|---|
committer | Max Krummenacher <max.krummenacher@toradex.com> | 2018-03-12 16:59:40 +0100 |
commit | 8d99753ad93af6bcaf798232eeb15e60bdd7e94b (patch) | |
tree | d1442504baf73be22d9e6bc1864206df5ccedfeb /crypto | |
parent | 0e674a64b86e2bb00ab43f56104d3ea85dda0066 (diff) | |
parent | b67416226a0cff3f49032de36906ad1ebe5694a0 (diff) |
Merge tag 'v4.9.87' into fslc_4.9-1.0.x-imx
This is the 4.9.87 stable release
Conflicts:
drivers/dma/fsl-edma.c
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asymmetric_keys/pkcs7_verify.c | 2 | ||||
-rw-r--r-- | crypto/asymmetric_keys/public_key.c | 4 | ||||
-rw-r--r-- | crypto/asymmetric_keys/restrict.c | 7 |
3 files changed, 9 insertions, 4 deletions
diff --git a/crypto/asymmetric_keys/pkcs7_verify.c b/crypto/asymmetric_keys/pkcs7_verify.c index 5a37962d2199..df1bde273bba 100644 --- a/crypto/asymmetric_keys/pkcs7_verify.c +++ b/crypto/asymmetric_keys/pkcs7_verify.c @@ -261,7 +261,7 @@ static int pkcs7_verify_sig_chain(struct pkcs7_message *pkcs7, sinfo->index); return 0; } - ret = public_key_verify_signature(p->pub, p->sig); + ret = public_key_verify_signature(p->pub, x509->sig); if (ret < 0) return ret; x509->signer = p; diff --git a/crypto/asymmetric_keys/public_key.c b/crypto/asymmetric_keys/public_key.c index 4955eb66e361..8525fe474abd 100644 --- a/crypto/asymmetric_keys/public_key.c +++ b/crypto/asymmetric_keys/public_key.c @@ -93,9 +93,11 @@ int public_key_verify_signature(const struct public_key *pkey, BUG_ON(!pkey); BUG_ON(!sig); - BUG_ON(!sig->digest); BUG_ON(!sig->s); + if (!sig->digest) + return -ENOPKG; + alg_name = sig->pkey_algo; if (strcmp(sig->pkey_algo, "rsa") == 0) { /* The data wangled by the RSA algorithm is typically padded diff --git a/crypto/asymmetric_keys/restrict.c b/crypto/asymmetric_keys/restrict.c index 19d1afb9890f..09b1374dc619 100644 --- a/crypto/asymmetric_keys/restrict.c +++ b/crypto/asymmetric_keys/restrict.c @@ -66,8 +66,9 @@ __setup("ca_keys=", ca_keys_setup); * * Returns 0 if the new certificate was accepted, -ENOKEY if we couldn't find a * matching parent certificate in the trusted list, -EKEYREJECTED if the - * signature check fails or the key is blacklisted and some other error if - * there is a matching certificate but the signature check cannot be performed. + * signature check fails or the key is blacklisted, -ENOPKG if the signature + * uses unsupported crypto, or some other error if there is a matching + * certificate but the signature check cannot be performed. */ int restrict_link_by_signature(struct key *trust_keyring, const struct key_type *type, @@ -86,6 +87,8 @@ int restrict_link_by_signature(struct key *trust_keyring, return -EOPNOTSUPP; sig = payload->data[asym_auth]; + if (!sig) + return -ENOPKG; if (!sig->auth_ids[0] && !sig->auth_ids[1]) return -ENOKEY; |